Admins need a permissions report!

(15)

Please, please, please give us a permissions report.  Before anyone contributes that we can print a list of roles through the API or a list of user permissions, this is not what I'm talking about.

Specifically, we need a report that will show each role and its specific permissions including the lock status for all accounts.

Really, how on earth are we supposed to keep track of permission settings across all accounts without this? We have over 100 accounts.  I know of other admins with far more accounts.

This has been a request for years now.  Instructure, have a heart for your admins and provide us an easier way to track the permission settings assigned to each role (both course and account) across accounts.

16 Comments
Stef_retired
Instructure Alumni
Instructure Alumni

Thank you for sharing this,  @kristin_bayless ‌. For context and perspective, I'm reproducing the comment  @millerjm ‌ appended to the now-archived idea that requested this report in an earlier voting cycle:

I think that your idea may have been somewhat resolved with the work that has been done as part ofPriority: Granular Permissions

I know it's not a report, but the new admin permissions interface makes it much easier to see the permissions and how they may differ in a subaccount from the default permissions for a role.  

 

For this idea, please also remember to follow:

 The first step to getting Granular Permissions was completed with the Permissions: New Interface.

kristin_bayless
Community Contributor

stefaniesanders, thanks for trying and I greatly appreciate everything that you do for the community, but every admin out there who manages permissions knows that physically clicking into 100 accounts to visually inspect the permissions is not the same as having a report that can be sliced and diced.  The fact that this feature request has come up so many times over the years speaks to the importance, even though it may not get many votes due to the limited target group (admins with significant numbers of sub-accounts in their instance).

nr2522
Community Champion

The full permissions matrix used to be easily printable, but a change a while back removed this functionality.

wilma_chapman
Community Novice

Hi, I agree @kristiebayless and I used to use the method that  @nr2522 ‌ mentions but sadly, can do so no longer which all adds to the frustration. Please, reporting is integral to most LMS systems and the fact that I need additional software (which I cannot afford presently) to get appropriate data is annoying at the least.

debit
Community Explorer

As a new Canvas user, I see that the lack of this report is a serious omission.

kirsten_ryall
Community Participant

Hey there, I'm getting a 'page not found' error message on the Priority: Granular Permissions link that is mentioned in the 12/12/2018 message. And the irony is that when I went to post my comment about it and had included the (bad) link, I got the following message, 'Your post has been changed because invalid HTML was found in the message body. The invalid HTML has been removed. Please review the message and submit the message when you are satisfied.'

brian_mullins
Community Participant

This seems like a no-brainer. Kind of unbelievable that this is not available. Instructure, name an internally-used third-party software package that your company runs on that does not have the ability to report (by ANY means) around security? Bet you can't find one.

We need this much more than more granular security, and I think we desperately need more granular security, so you can see where I rank this. Granular security is going to be great, but even now it's hard to know what has been granted where since we have no way to report it out. 

Please, make this a priority TODAY!

 

ashley_hardesty
Community Participant

We don't have more than a few Roles and it's almost impossible to share the permission settings when a user asks; "Does a Peer Tutor Role have access to Grades?"

I end up taking (6) screenshots of the Role permissions (in order to show all of the permission settings) so the user who asked can see exactly what permissions a "[Insert your role here]" has.

I'd like to see an End User, Read-only version of the Permissions section that can be made available, so they can click to see what each permission "means" and it's current setting.

kirsten_ryall
Community Participant

Please, please, please make this report happen. We have many custom roles across 100's of sub-accounts and each time we have a fantastic new feature introduced like more granular permissions (example - June 2021 release, plus the following deploy to further separate the permission), our Admins have to try and work out what the impact will be, to what role and in which sub-account. It is nearly impossible to manage and we find that sometimes we are having to make reactive updates when we get sneaky surprises. Help!

david_heath
Community Member

Desperately needed, great idea!

philip_quealy
Community Explorer

Fantastic idea this would save us so much time tracking down role permissions across our 100's of subaccounts.

jsmith
Community Explorer

I agree with the comments and use cases above.  Just today I was asked once again what permissions were associated with a specific role.  We really need this report!  It will save us so much time and frustration.

pennedav
Community Participant

Just now got a request from my superiors that would be very easy to answer if I had a way of generating a permissions report. Frankly, would be useful for me too. This needs to be added!

For me a must have on this report would be a way to know whether or not a given permission/role combo is the default Canvas setting or not. I've inherited a Canvas instance that's been running for several years and I know some permissions changes have been made over that time so I have no idea if a given permission has been changed by previous admins or it is the default Canvas behavior.

Actually there should be three reports: (1) a textual report allowing me to compare and contrast one sub-account with another sub-account's permissions (think something I can feed into a text diffing program); (2) a printable PDF and/or spreadsheet report I can share with supervisors and Deans etc who are interested in such info; and (3) an audit log of anytime a permission gets changed and by whom. Bonus points for requiring a memo field so the reason for the change can be documented.

jdick1
Community Participant

Commenting to bump this. Given the reality of turnover in both IT and school admin (who come in with different views on who should have access to what), this would be incredibly helpful

hmcneill
Community Participant

Adding my support to this idea as I am currently reviewing the roles we set up when we moved to Canvas last September. It is really time consuming to document permissions so that these can be shared with non-root admin, even though we only have a few roles. Any documentation is going to need maintained for changes to granularity and options implemented by Canvas. It would be far more efficient to be able to produce a report showing the current roles and permissions at the time of our review. 

ProductPanda
Instructure
Instructure
Status changed to: Archived
Comments from Instructure

As part of the new Ideas & Themes process, all ideas in Idea Conversations were reviewed by the Product Team. Any Idea that was associated with an identified theme was moved to the new Idea & Themes space. Any Idea that was not part of the move is being marked as Archived. This will preserve the history of the conversations while also letting Community members know that Instructure will not explore the request at this time.